mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-01 11:47:11 -06:00
5b58348cd3
During LDAP bind, this now plugin determines if a user is enabled for OTP authentication. If so, then the OTP is validated in addition to the password. This allows 2FA during user binds. https://fedorahosted.org/freeipa/ticket/3367 http://freeipa.org/page/V3/OTP
363 lines
14 KiB
Plaintext
363 lines
14 KiB
Plaintext
AC_PREREQ(2.59)
|
|
m4_include(../version.m4)
|
|
AC_INIT([ipa-server],
|
|
IPA_VERSION,
|
|
[https://hosted.fedoraproject.org/projects/freeipa/newticket])
|
|
|
|
AC_CONFIG_HEADERS([config.h])
|
|
|
|
AM_INIT_AUTOMAKE([foreign])
|
|
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES])
|
|
|
|
AM_MAINTAINER_MODE
|
|
AC_PROG_CC
|
|
AC_STDC_HEADERS
|
|
AC_DISABLE_STATIC
|
|
AC_PROG_LIBTOOL
|
|
|
|
AC_HEADER_STDC
|
|
|
|
AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = yes])
|
|
|
|
AC_SUBST(VERSION)
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl - Check for NSPR/NSS
|
|
dnl ---------------------------------------------------------------------------
|
|
PKG_CHECK_MODULES([NSPR], [nspr], [], [AC_MSG_ERROR([libnspr not found])])
|
|
PKG_CHECK_MODULES([NSS], [nss], [], [AC_MSG_ERROR([libnss not found])])
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl - Check for DS slapi plugin
|
|
dnl ---------------------------------------------------------------------------
|
|
|
|
# Need to hack CPPFLAGS to be able to correctly detetct slapi-plugin.h
|
|
SAVE_CPPFLAGS=$CPPFLAGS
|
|
CPPFLAGS=$NSPR_CFLAGS
|
|
AC_CHECK_HEADER(dirsrv/slapi-plugin.h)
|
|
if test "x$ac_cv_header_dirsrv_slapi-plugin_h" = "xno" ; then
|
|
AC_MSG_ERROR([Required 389-ds header not available (389-ds-base-devel)])
|
|
fi
|
|
AC_CHECK_HEADER(dirsrv/repl-session-plugin.h)
|
|
if test "x$ac_cv_header_dirsrv_repl_session_plugin_h" = "xno" ; then
|
|
AC_MSG_ERROR([Required 389-ds header not available (389-ds-base-devel)])
|
|
fi
|
|
CPPFLAGS=$SAVE_CPPFLAGS
|
|
|
|
if test "x$ac_cv_header_dirsrv_slapi_plugin_h" = "xno" ; then
|
|
AC_MSG_ERROR([Required DS slapi plugin header not available (fedora-ds-base-devel)])
|
|
fi
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl - Check for KRB5
|
|
dnl ---------------------------------------------------------------------------
|
|
|
|
AC_CHECK_HEADER(krb5.h, [], [AC_MSG_ERROR([krb5.h not found])])
|
|
AC_CHECK_HEADER(krad.h, [], [AC_MSG_ERROR([krad.h not found])])
|
|
AC_CHECK_LIB(krb5, main, [], [AC_MSG_ERROR([libkrb5 not found])])
|
|
AC_CHECK_LIB(k5crypto, main, [krb5crypto=k5crypto], [krb5crypto=crypto])
|
|
AC_CHECK_LIB(krad, main, [], [AC_MSG_ERROR([libkrad not found])])
|
|
KRB5_LIBS="-lkrb5 -l$krb5crypto -lcom_err"
|
|
KRAD_LIBS="-lkrad"
|
|
krb5kdcdir="${localstatedir}/kerberos/krb5kdc"
|
|
AC_SUBST(KRB5_LIBS)
|
|
AC_SUBST(KRAD_LIBS)
|
|
AC_SUBST(krb5kdcdir)
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl - Check for Mozilla LDAP and OpenLDAP SDK
|
|
dnl ---------------------------------------------------------------------------
|
|
|
|
SAVE_CPPFLAGS=$CPPFLAGS
|
|
CPPFLAGS="$NSPR_CFLAGS $NSS_CFLAGS"
|
|
AC_CHECK_HEADER(svrcore.h)
|
|
AC_CHECK_HEADER(svrcore/svrcore.h)
|
|
if test "x$ac_cv_header_svrcore_h" = "xno" && test "x$ac_cv_header_svrcore_svrcore_h" = "xno" ; then
|
|
AC_MSG_ERROR([Required svrcore header not available (svrcore-devel)])
|
|
fi
|
|
if test "x$ac_cv_header_svrcore_svrcore_h" = "yes" ; then
|
|
CPPFLAGS="$CPPFLAGS -I/usr/include/svrcore"
|
|
fi
|
|
|
|
AC_CHECK_LIB(ldap, ldap_search, with_ldap=yes)
|
|
dnl Check for other libraries we need to link with to get the main routines.
|
|
test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes], , -llber) }
|
|
test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes], , -llber -lkrb) }
|
|
test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes with_ldap_des=yes], , -llber -lkrb -ldes) }
|
|
dnl Recently, we need -lber even though the main routines are elsewhere,
|
|
dnl because otherwise be get link errors w.r.t. ber_pvt_opt_on. So just
|
|
dnl check for that (it's a variable not a fun but that doesn't seem to
|
|
dnl matter in these checks) and stick in -lber if so. Can't hurt (even to
|
|
dnl stick it in always shouldn't hurt, I don't think) ... #### Someone who
|
|
dnl #### understands LDAP needs to fix this properly.
|
|
test "$with_ldap_lber" != "yes" && { AC_CHECK_LIB(lber, ber_pvt_opt_on, with_ldap_lber=yes) }
|
|
|
|
if test "$with_ldap" = "yes"; then
|
|
if test "$with_ldap_des" = "yes" ; then
|
|
OPENLDAP_LIBS="${OPENLDAP_LIBS} -ldes"
|
|
fi
|
|
if test "$with_ldap_krb" = "yes" ; then
|
|
OPENLDAP_LIBS="${OPENLDAP_LIBS} -lkrb"
|
|
fi
|
|
if test "$with_ldap_lber" = "yes" ; then
|
|
OPENLDAP_LIBS="${OPENLDAP_LIBS} -llber"
|
|
fi
|
|
OPENLDAP_LIBS="${OPENLDAP_LIBS} -lldap_r"
|
|
else
|
|
AC_MSG_ERROR([OpenLDAP not found])
|
|
fi
|
|
|
|
AC_SUBST(OPENLDAP_LIBS)
|
|
|
|
OPENLDAP_CFLAGS="${OPENLDAP_CFLAGS} -DWITH_OPENLDAP"
|
|
AC_SUBST(OPENLDAP_CFLAGS)
|
|
|
|
AC_ARG_WITH([openldap],
|
|
[AS_HELP_STRING([--with-openldap],
|
|
[compile plugins with openldap instead of mozldap])],
|
|
[], [])
|
|
|
|
LDAP_CFLAGS="${OPENLDAP_CFLAGS} $NSPR_CFLAGS $NSS_CFLAGS -DUSE_OPENLDAP"
|
|
LDAP_LIBS="${OPENLDAP_LIBS}"
|
|
AC_DEFINE_UNQUOTED(WITH_OPENLDAP, 1, [Use OpenLDAP libraries])
|
|
|
|
AC_SUBST(LDAP_CFLAGS)
|
|
AC_SUBST(LDAP_LIBS)
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl - Check for OpenSSL Crypto library
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl This is a very simple check, we should probably check also for MD4_Init and
|
|
dnl probably also the version we are using is recent enough
|
|
SSL_LIBS=
|
|
AC_CHECK_HEADER(openssl/des.h, [], [AC_MSG_ERROR([openssl/des.h not found])])
|
|
AC_CHECK_LIB(crypto, DES_set_key_unchecked, [SSL_LIBS="-lcrypto"])
|
|
AC_SUBST(SSL_LIBS)
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl - Check for UUID library
|
|
dnl ---------------------------------------------------------------------------
|
|
AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR([uuid/uuid.h not found])])
|
|
|
|
AC_CHECK_LIB(uuid, uuid_generate_time, [UUID_LIBS="-luuid"])
|
|
AC_SUBST(UUID_LIBS)
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl - Check for Python
|
|
dnl ---------------------------------------------------------------------------
|
|
|
|
AC_MSG_NOTICE([Checking for Python])
|
|
have_python=no
|
|
AM_PATH_PYTHON(2.3)
|
|
|
|
if test "x$PYTHON" = "x" ; then
|
|
AC_MSG_ERROR([Python not found])
|
|
fi
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl Check for ndr_krb5pac and other samba libraries
|
|
dnl ---------------------------------------------------------------------------
|
|
|
|
PKG_PROG_PKG_CONFIG()
|
|
PKG_CHECK_MODULES([TALLOC], [talloc])
|
|
PKG_CHECK_MODULES([TEVENT], [tevent])
|
|
PKG_CHECK_MODULES([NDRPAC], [ndr_krb5pac])
|
|
PKG_CHECK_MODULES([NDRNBT], [ndr_nbt])
|
|
PKG_CHECK_MODULES([NDR], [ndr])
|
|
PKG_CHECK_MODULES([SAMBAUTIL], [samba-util])
|
|
SAMBA40EXTRA_LIBPATH="-L`$PKG_CONFIG --variable=libdir samba-util`/samba -Wl,-rpath=`$PKG_CONFIG --variable=libdir samba-util`/samba"
|
|
AC_SUBST(SAMBA40EXTRA_LIBPATH)
|
|
AC_CHECK_HEADERS([samba-4.0/wbclient.h],
|
|
,
|
|
[AC_MSG_ERROR([samba-4.0/wbclient.h not found])],
|
|
[#include <stdbool.h>
|
|
#include <stdint.h>])
|
|
AC_CHECK_LIB([wbclient],
|
|
[wbcLookupSid],
|
|
[WBCLIENT_LIBS="$SAMBA40EXTRA_LIBPATH -lwbclient"],
|
|
[AC_MSG_ERROR([libwbclient does not have wbcLookupSid])],
|
|
[$SAMBA40EXTRA_LIBPATH])
|
|
AC_SUBST(WBCLIENT_LIBS)
|
|
|
|
AC_CHECK_LIB([pdb],
|
|
[make_pdb_method],
|
|
[HAVE_LIBPDB=1],
|
|
[AC_MSG_ERROR([libpdb does not have make_pdb_method])],
|
|
[$SAMBA40EXTRA_LIBPATH])
|
|
AC_CHECK_LIB([pdb],[pdb_enum_upn_suffixes],
|
|
[AC_DEFINE([HAVE_PDB_ENUM_UPN_SUFFIXES], [1], [Ability to enumerate UPN suffixes])],
|
|
[AC_MSG_WARN([libpdb does not have pdb_enum_upn_suffixes, no support for realm domains in ipasam])],
|
|
[$SAMBA40EXTRA_LIBPATH])
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl Check for libverto
|
|
dnl ---------------------------------------------------------------------------
|
|
PKG_CHECK_MODULES([LIBVERTO], [libverto])
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl - Check for check unit test framework http://check.sourceforge.net/
|
|
dnl ---------------------------------------------------------------------------
|
|
PKG_CHECK_MODULES([CHECK], [check >= 0.9.5], [have_check=1], [have_check=])
|
|
if test x$have_check = x; then
|
|
AC_MSG_WARN([Without the 'CHECK' library, you will be unable to run all tests in the 'make check' suite])
|
|
else
|
|
AC_CHECK_HEADERS([check.h],,AC_MSG_ERROR([Could not find CHECK headers]))
|
|
fi
|
|
AM_CONDITIONAL([HAVE_CHECK], [test x$have_check != x])
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl - Check for cmocka unit test framework http://cmocka.cryptomilk.org/
|
|
dnl This will be simplified when cmocka carries a .pc file.
|
|
dnl ---------------------------------------------------------------------------
|
|
AC_SUBST(CMOCKA_LIBS)
|
|
AC_SUBST(CMOCKA_CFLAGS)
|
|
|
|
AC_CHECK_HEADERS(
|
|
[setjmp.h cmocka.h],,,
|
|
[[ #include <stdarg.h>
|
|
# include <stddef.h>
|
|
#ifdef HAVE_SETJMP_H
|
|
# include <setjmp.h>
|
|
#endif
|
|
]]
|
|
)
|
|
|
|
if test "x$ac_cv_header_setjmp_h" = "xyes" && test "x$ac_cv_header_cmocka_h" = "xyes" ; then
|
|
AC_CHECK_LIB([cmocka], [_will_return],
|
|
[ CMOCKA_LIBS="-lcmocka"
|
|
AC_MSG_RESULT([libcmocka available, cmocka tests will be build])
|
|
have_cmocka="yes" ],
|
|
[AC_MSG_WARN([No libcmocka library found, cmocka tests will not be build])
|
|
have_cmocka="no" ])
|
|
else
|
|
AC_MSG_WARN([Required header files for libcmocka are missing, cmocka tests will not be build])
|
|
have_cmocka="no"
|
|
fi
|
|
|
|
AM_CONDITIONAL([HAVE_CMOCKA], [test x$have_cmocka = xyes])
|
|
|
|
dnl -- dirsrv is needed for the extdom unit tests --
|
|
PKG_CHECK_MODULES([DIRSRV], [dirsrv >= 1.3.0])
|
|
dnl -- sss_idmap is needed by the extdom exop --
|
|
PKG_CHECK_MODULES([SSSIDMAP], [sss_idmap])
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl - Check for systemd unit directory
|
|
dnl ---------------------------------------------------------------------------
|
|
PKG_CHECK_EXISTS([systemd], [], [AC_MSG_ERROR([systemd not found])])
|
|
AC_ARG_WITH([systemdsystemunitdir],
|
|
AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]),
|
|
[], [with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)])
|
|
AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir])
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl - Check for program paths
|
|
dnl ---------------------------------------------------------------------------
|
|
AC_PATH_PROG(UNLINK, unlink, [AC_MSG_ERROR([unlink not found])])
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl - Set the data install directory since we don't use pkgdatadir
|
|
dnl ---------------------------------------------------------------------------
|
|
|
|
IPA_DATA_DIR="$datadir/ipa"
|
|
AC_SUBST(IPA_DATA_DIR)
|
|
|
|
dnl ---------------------------------------------------------------------------
|
|
dnl Finish
|
|
dnl ---------------------------------------------------------------------------
|
|
|
|
# Turn on the additional warnings last, so -Werror doesn't affect other tests.
|
|
|
|
AC_ARG_ENABLE(more-warnings,
|
|
[AC_HELP_STRING([--enable-more-warnings],
|
|
[Maximum compiler warnings])],
|
|
set_more_warnings="$enableval",[
|
|
if test -d $srcdir/../.hg; then
|
|
set_more_warnings=yes
|
|
else
|
|
set_more_warnings=no
|
|
fi
|
|
])
|
|
AC_MSG_CHECKING(for more warnings)
|
|
if test "$GCC" = "yes" -a "$set_more_warnings" != "no"; then
|
|
AC_MSG_RESULT(yes)
|
|
CFLAGS="\
|
|
-Wall \
|
|
-Wchar-subscripts -Wmissing-declarations -Wmissing-prototypes \
|
|
-Wnested-externs -Wpointer-arith \
|
|
-Wcast-align -Wsign-compare \
|
|
$CFLAGS"
|
|
|
|
for option in -Wno-strict-aliasing -Wno-sign-compare; do
|
|
SAVE_CFLAGS="$CFLAGS"
|
|
CFLAGS="$CFLAGS $option"
|
|
AC_MSG_CHECKING([whether gcc understands $option])
|
|
AC_TRY_COMPILE([], [],
|
|
has_option=yes,
|
|
has_option=no,)
|
|
if test $has_option = no; then
|
|
CFLAGS="$SAVE_CFLAGS"
|
|
fi
|
|
AC_MSG_RESULT($has_option)
|
|
unset has_option
|
|
unset SAVE_CFLAGS
|
|
done
|
|
unset option
|
|
else
|
|
AC_MSG_RESULT(no)
|
|
fi
|
|
|
|
# Flags
|
|
|
|
AC_SUBST(CFLAGS)
|
|
AC_SUBST(CPPFLAGS)
|
|
AC_SUBST(LDFLAGS)
|
|
|
|
# Files
|
|
|
|
AC_CONFIG_FILES([
|
|
Makefile
|
|
ipa-kdb/Makefile
|
|
ipa-sam/Makefile
|
|
ipa-otpd/Makefile
|
|
ipa-slapi-plugins/Makefile
|
|
ipa-slapi-plugins/ipa-cldap/Makefile
|
|
ipa-slapi-plugins/ipa-dns/Makefile
|
|
ipa-slapi-plugins/ipa-enrollment/Makefile
|
|
ipa-slapi-plugins/ipa-lockout/Makefile
|
|
ipa-slapi-plugins/ipa-pwd-extop/Makefile
|
|
ipa-slapi-plugins/ipa-extdom-extop/Makefile
|
|
ipa-slapi-plugins/ipa-winsync/Makefile
|
|
ipa-slapi-plugins/ipa-version/Makefile
|
|
ipa-slapi-plugins/ipa-uuid/Makefile
|
|
ipa-slapi-plugins/ipa-modrdn/Makefile
|
|
ipa-slapi-plugins/ipa-sidgen/Makefile
|
|
ipa-slapi-plugins/ipa-range-check/Makefile
|
|
])
|
|
|
|
AC_OUTPUT
|
|
|
|
echo "
|
|
IPA Server $VERSION
|
|
========================
|
|
|
|
prefix: ${prefix}
|
|
exec_prefix: ${exec_prefix}
|
|
libdir: ${libdir}
|
|
bindir: ${bindir}
|
|
sbindir: ${sbindir}
|
|
sysconfdir: ${sysconfdir}
|
|
localstatedir: ${localstatedir}
|
|
datadir: ${datadir}
|
|
krb5kdcdir: ${krb5kdcdir}
|
|
systemdsystemunitdir: ${systemdsystemunitdir}
|
|
source code location: ${srcdir}
|
|
compiler: ${CC}
|
|
cflags: ${CFLAGS}
|
|
LDAP libs: ${LDAP_LIBS}
|
|
KRB5 libs: ${KRB5_LIBS}
|
|
KRAD libs: ${KRAD_LIBS}
|
|
OpenSSL libs: ${SSL_LIBS}
|
|
Maintainer mode: ${USE_MAINTAINER_MODE}
|
|
"
|